A micropatch is ready to go via the 0patch platform for the Zero Day vulnerability in Microsoft’s JET Database Engine.
Micropatch distribution platform provider, ACROS Security, released the 21-byte patch for the vulnerable msrd3x40.dll binary.
The 0patch release came out the day after Trend Micro’s Zero Day Initiative published their Proof Of Concept exploit.
A micropatch was ready the day after the initial proof of concept published by ZDI, said Mitja Kolsek, ACROS Security chief executive, in a post.
Kolsek said the remotely exploitable vulnerability in all Windows versions (discovered by Lucas Leong) released because Microsoft missed ZDI’s 120-day fixing window. The 0patch team tested ZDI’s proof-of-concept and found the following:
1. Jet is only supported in 32-bit, which means that a 64-bit application tricked into accessing a malformed data source file will not be exploitable. Indeed, double-clicking ZDI’s poc.js on 64-bit Windows results in an error message; in order to launch poc.js on a 64bit machine one needs to use the 32-bit wscript.exe by launching c:\windows\SysWOW64\wscript.exe poc.js.
3. A more realistic attack could probably be conceived using a malicious Office document referencing an external malformed Jet data source. We haven’t investigated that, however, as our job is not to write exploits but micropatches. (Resourceful attackers will soon reveal their weaponization ideas anyway.)
Following a few small changes to match the affected Windows 10 binary, two micropatches (one for Windows 7 and one for Windows 10) released.
“One of our goals with 0patch is to make vulnerability patching so fast that attackers won’t even manage to develop a reliable exploit for a public vulnerability, much less launch a campaign with it, before the vulnerability is already patched on most users’ computers,” Kolsek said.
Binary micropatches issued through the 0patch platform are entirely free and can be applied to vulnerable systems without the need to restart the affected process or rebooting the machine they’re running on.
Micropatches distributed via the 0patch platform keep vulnerable systems safe until an official patch releases.
Once a binary is patched using a micropatch, all future exploits will be ineffective since the entire code that could be exploited is changed, and the vulnerability is removed.
Users can download and apply all available micropatches to vulnerable binaries on their machines after creating an account on 0patch.com, downloading the 0patch Agent on their computers and registering the agent to their device.
Micropatches developed by ACROS Security allow users vulnerable to Zero Days to patch their systems and secure them until Microsoft releases official patches for the issue.